SANS 2019 Incident Response Survey: Successful IR Relies on Visibility

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universities to their knees, earning threat actors significant funds. Coupled with the ever-looming threat that a state-sponsored threat actor might pull an organization into its crosshairs, there’s little reason to cease vigilance in enterprise networks. Vigilance requires the ability to be nimble and flexible, especially given the array of options available to threat actors these days.

SANS’ IR Survey Key Findings

The 2019 SANS Incident Response survey shows crucial improvement in incident response (IR). Containment and remediation—two of the most important phases of incident response—were exercised in shorter times. Incidents were detected internally at a much higher ratio. False positives also declined, which means organizations have gotten better at classifying their incidents.

However, even with these improvements, problematic areas continue to exist from year to year. Many organizations still show severe gaps in visibility, a critical problem that needs to be the cornerstone of an organization’s security program. It’s tough to truly determine your security posture if you are blind to a portion of your environment. In addition, many respondents again expressed concerns about levels of staffing and skills shortages, problems that may require out-of-the-box thinking.

Analysis of the Positive IR Findings

The 2019 IR survey displayed some positive results in key areas. Organizations are moving into containment and remediation faster and are getting better at de ..